
How secure? very...

Feb 2nd, 2005, 08:33 PM

Not to waste too much bandwidth but...

I am developing a simple internal web app for my client and was wondering how secure it was. I asked the security gurus to run the battery of tests against the app looking for the typical vulnerabilities (cross-site scripting, SQL injection, etc.). When they ran it the only problems were in cross-site script injection into my selection (pick list) inputs. I was validating other input but I wasn't validating the selections (my bad). I hadn't done that because I was providing the selection options via reference data. Anyway, makes sense (from the domain perspective) so I added a basic validation for the selection entries too. When the tools were re-run, everything passes! ACEGI + Spring MVC is pretty ironclad. I'm quite sure a home-grown security/Struts-based app wouldn't have fared so well. More than a few heads turned when the results came out. :shock: